
Google Security Command Center (SCC) H2 2025 Product Release Summary

  • January 12, 2026

Google SCC introduced significant innovations focused on helping customers prioritize risk, identify vulnerabilities, and protect AI workloads within their cloud environment. Below are the key features that achieved General Availability (GA) along with exciting Public Previews (PP). SCC comes in Premium (SCC-P) and Enterprise (SCC-E) editions. Premium provides the strongest security for Google Cloud, while Enterprise extends protection across multiple clouds and includes more robust automated responses.

 

Risk Prioritization:


Security Graph “Issues” (GA) - surfaces the most critical security risks in a customer’s environment, grouping them by severity and showing how assets, identities, and exposures are connected through an intuitive visual map. This helps customers quickly understand attack paths and the potential blast radius of each issue. Security Graph uses a graph database that incorporates cloud resources (like assets, identities, apps, and data) assigned to its nodes. The edges of the graph determine the risk relationship between those resources following detection rules. Offered with SCC-E&P. 
 

SCC Graph Search (PP) - adds the capability to use a visual query editor to explore security relationships and detect risky combinations. Earlier this year, we introduced Issues to surface toxic combinations, chokepoints, and security insights. We are now introducing Graph Search for SCC customers, a new capability that makes the Security Graph interactive. Offered with SCC-E&P.

 

Public docs

 

 

Vulnerability Scanning:


Agentless vulnerability scanning for Google Compute Engine VMs and GKE (GA) - enables organizations to detect OS and software package vulnerabilities in their Compute Engine VMs and GKE, without having to install and manage agents. Agentless scanning ensures runtime vulnerability scanning continues for VMs and GKE containers, without needing agents or any onboarding overhead. Offered with SCC-E&P.

 

Agentless Vulnerability Assessment User Guide

 

Data Security:

 

Data security posture management (DSPM) (GA) - provides end-to-end governance for data security, privacy, and compliance within SCC. It enables customers to build a bird’s-eye view of their data across GCP, including the sensitivity level of each data set. It also provides default security posture policies to help monitor and secure data. Offered with SCC-E&P.

 

DSPM documentation

 

 

Threat Detection:

 

Correlated Threats Detection (PP) - provides a system that can reason about threats at scale. With 65 new underlying threat detectors (VMTD, KTD, and ETD), our rules detect thousands of unique attack scenarios, offering unparalleled coverage. This connectivity provides the crucial 'aha moment' by meaningfully linking individual threat findings into a clear, comprehensive view. This feature will drastically reduce alert fatigue, achieve high-confidence detections and visualize the entire attack story. Offered with SCC-E.


Correlated Threats overview


File Monitoring Detectors (GA) - significantly improves customer security posture through enhanced threat visibility, precise detections, seamless integration, and minimal operational overhead. We are launching six advanced File Monitoring Detectors, also known as Sensitive File Access (SFA) detectors, for Container threat detection (KTD) to proactively identify sophisticated threats. Offered with SCC-E&P.


Testing Container Threat Detection

 

Cloud Run Threat Detection (PP) - provides enhanced protection for Google’s Cloud Run workloads. We are now launching Cloud Run Threat Detection (CRTD) with 16 runtime and control plane detectors. CRTD uses a lightweight 'watcher process' for continuous monitoring and leverages advanced techniques like Natural Language Processing (NLP) to detect malicious Bash and Python code in near real-time. All data collected is ephemeral, which is aimed at addressing any performance or privacy concerns. Offered with SCC-E&P.

 

Cloud Run Threat Detection overview

 

AI Protection:


Securing AI workloads (PP) - provides a comprehensive solution for managing security and governance throughout the AI workload lifecycle. It delivers a unified experience and closed-loop remediation via an integrated dashboard across asset inventory, risk identification, security controls, and threat detection for AI deployments. Offered with SCC-E.


AI Protection Public Documentation and Release Notes

 

 

Model Armor and its GKE integration (PP) - enhances security and safety of customer AI applications. It works inline by proactively screening LLM prompts and responses, protecting against various risks and ensuring responsible AI practices. Model Armor can now be integrated with Google Kubernetes Engine (GKE) through Service Extensions. Offered with SCC-E.

 

Model Armor overview

Integration with Google Kubernetes Engine

 

AI Protection for Vertex AI Agent Builder (PP) - delivers agentic AI security and governance capabilities, empowering customers running agentic workloads on Agent Engine. The preview includes new Agent Engine Threat Detection (AETD) and enhanced Event Threat Detection (ETD) for Agent Builder. It also covers Agent Engine agent discovery and asset inventory, as well as findings for over-privileged and inactive agents, which are surfaced within SCC based on IAM Recommender. This launch is also powered by Agent Registry in App Hub. Offered with SCC-E.


AI Protection public documentation 

Agent Engine Threat Detection public documentation

Agent Builder announcement blog featuring SCC

 

Security Posture and Compliance:


Compliance Manager (PP) - offers substantial advancement in simplifying the Security & Compliance journey for our customers by integrating capabilities like configuring security, privacy, and compliance best practices, monitoring for misconfigurations, and generating evidence of conformance to these best practices. Offered with SCC-E&P.


Customer Documentation

 

Public Sector Compliance:

 

Data Residency Zone (DRZ) for EU and US (GA) - provides data residency capability in the US and EU. SCC supports DRZ by keeping findings in the multi-region where they’re generated. Using this capability requires minimal configuration effort from customers. Customers can now migrate from the non-DRZ version of SCC to the DRZ version. Offered with SCC-E&P.

FedRAMP High R2406 Compliance (GA) - authorization allows U.S. government agencies and regulated industries (e.g., healthcare and finance) to use SCC to monitor, detect, and manage risks for highly sensitive, unclassified workloads that would cause a "severe or catastrophic adverse effect" if compromised. Offered with SCC-P.

 

Public Announcement/News